Does the NDIS Code of Conduct apply to unregistered providers?

Yes. The Code applies to all NDIS providers and workers regardless of registration status. This includes sole traders, unregistered support workers engaged by self-managed or plan-managed participants, and allied health professionals delivering NDIS-funded sessions.

How many obligations are in the NDIS Code of Conduct?

There are seven core obligations covering: respect for participant rights and autonomy, privacy, safe and competent service delivery, integrity and honesty, raising concerns, prevention of abuse and neglect, and prevention of sexual misconduct.

What can the NDIS Commission do if a worker breaches the Code?

The Commission can issue compliance notices, impose civil penalties, require enforceable undertakings, and issue banning orders that permanently or temporarily prohibit an individual from working in the NDIS sector. Providers who employ banned workers also face enforcement action.

What does a registered provider need to do about worker Code compliance?

Registered providers must take reasonable steps to ensure every worker is aware of and complies with the Code. This means providing Code training at induction, embedding obligations in employment agreements, keeping training records, and having a process for investigating and acting on alleged breaches.

How does the NDIS Code of Conduct relate to the NDIS Practice Standards?

The Code sets the behavioural obligations for individuals, while the Practice Standards set quality and safety requirements for organisations. They are complementary — auditors assess both during registration audits. The strengthened Practice Standards introduced from late 2023 place greater emphasis on demonstrating that the Code's obligations are embedded in daily practice, not just policy documents.

Are volunteers covered by the NDIS Code of Conduct?

Yes. The Code applies to any person who provides NDIS supports or services, including unpaid volunteers and students on placement. Registered providers must ensure their volunteers are also aware of and comply with the Code.

What is the NDIS Code of Conduct?

The NDIS Code of Conduct is a set of legally enforceable obligations established under the National Disability Insurance Scheme (Code of Conduct) Rules 2018. It applies to every registered and unregistered NDIS provider, and to every worker — paid or unpaid — who delivers NDIS supports or services. The Code sits alongside the NDIS Practice Standards as the foundation of quality and safeguarding in the scheme.

The NDIS Quality and Safeguards Commission enforces the Code and has the power to investigate complaints, issue compliance notices, impose civil penalties, and permanently ban individuals from working in the disability sector. Understanding the Code is therefore not optional — it is a baseline obligation from day one of providing supports.

Who Does the Code Apply To?

The Code has broad reach. It applies to:

Registered NDIS providers — organisations and individuals formally registered with the NDIS Commission.
Unregistered providers — any person or entity delivering NDIS-funded supports, even when the participant self-manages or plan-manages their funding.
All workers — employees, contractors, volunteers, and students on placement who provide NDIS supports or services.
Providers engaging workers — registered providers have an additional obligation to ensure their workers are aware of and comply with the Code.

This means sole traders, large organisations, allied health professionals delivering NDIS sessions, and support workers in a SIL setting are all equally bound by the same seven obligations.

The Seven Obligations of the Code

The Code requires every NDIS provider and worker to:

Act with respect for individual rights to freedom of expression, self-determination, and decision-making. Participants must be supported to make their own choices, including choices that carry some risk. Workers must not override or dismiss those preferences.
Respect the privacy of people with disability. Personal, health, and support information must be handled with discretion and stored securely, consistent with applicable privacy legislation.
Provide supports and services in a safe and competent manner, with care and skill. Workers must have the qualifications, training, and competence required for the supports they deliver — and must not practise beyond their scope.
Act with integrity, honesty, and transparency. This includes not deceiving participants, their families, or the NDIS Commission, and being open about conflicts of interest.
Promptly take steps to raise and act on concerns about matters that might have an impact on the quality and safety of supports. Workers must not stay silent about unsafe practices, poor care quality, or colleague conduct that puts participants at risk.
Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect, and abuse of, people with disability. This is one of the most critical obligations and underpins the scheme's entire safeguarding framework.
Take all reasonable steps to prevent and respond to sexual misconduct. This obligation covers both participant-directed and worker-directed sexual misconduct and applies in all support settings.

How the Code Connects to the Strengthened Practice Standards (2026)

From 1 November 2023, the NDIS Commission began phasing in the strengthened NDIS Practice Standards, which apply to all registered providers — including those delivering SIL. These revised standards carry a closer relationship to the Code than the previous framework. Auditors now assess not just whether policies exist, but whether the organisation's culture, governance, and daily practices give effect to the Code's obligations in practice.

For SIL providers in particular, the strengthened standards place heightened scrutiny on:

The prevention and management of restrictive practices, which must be authorised, documented, and reported.
Incident management systems, including mandatory reporting of NDIS reportable incidents to the Commission within required timeframes.
The organisation's approach to worker screening, supervision, and ongoing competency assurance.
Clear governance structures that demonstrate accountability from the board or executive level through to frontline support workers.

Providers seeking or renewing registration in 2026 should treat the Code not as a wall poster but as a live governance instrument embedded in policies, supervision frameworks, and complaint management processes.

Obligations on Registered Providers: Worker Code Awareness

Registered providers carry a distinct, additional obligation under the Code: they must take reasonable steps to ensure that workers are aware of the Code and comply with it. In practice this requires:

Providing Code of Conduct training at induction and at regular intervals thereafter.
Incorporating the Code into employment contracts, position descriptions, and performance review frameworks.
Maintaining records that demonstrate workers have received and understood Code training.
Having a clear process for investigating alleged breaches and taking proportionate action.

During a registration audit, an approved quality auditor will seek evidence of all four of these elements. A policy that references the Code but lacks training records or investigation procedures will not satisfy the standard.

What Happens When the Code is Breached?

The NDIS Commission can take a range of compliance and enforcement actions. These include:

Action	Who it applies to
Compliance notice	Provider or worker
Enforceable undertaking	Provider or worker
Civil penalty (infringement notice)	Provider or worker
Banning order (temporary or permanent)	Individual worker
Registration suspension or cancellation	Registered provider

Banning orders are particularly serious: a banned individual is publicly listed on the NDIS Commission's register and cannot work for any NDIS provider. Employers who knowingly engage a banned person face their own enforcement action.

Practical Steps to Embed the Code in Your Organisation

Map every obligation to a policy. For each of the seven Code obligations, identify which internal policy gives it effect (e.g., the abuse and neglect prevention policy covers obligations 6 and 7; the privacy policy covers obligation 2).
Build Code awareness into induction. New workers should complete structured Code of Conduct training before they begin unsupervised delivery of supports. Record completion in your HR system.
Integrate the Code into supervision. Regular one-on-one supervision discussions should reference Code obligations when reviewing incidents, near-misses, or participant feedback.
Create a safe reporting culture. Obligation 5 requires workers to raise concerns promptly. This only works if your incident reporting process is accessible, non-punitive, and visibly actioned by management.
Review the Code in your annual policy review cycle. The NDIS Commission updates guidance materials periodically. Assign a governance lead to monitor changes and update policies accordingly.
Keep evidence audit-ready. Training records, signed Code of Conduct acknowledgements, investigation outcomes, and worker breach notices should be stored and retrievable at short notice ahead of any audit.

SIL-Specific Considerations

SIL environments present unique Code compliance challenges because workers are often alone with participants in their homes, sometimes overnight, with limited direct supervision. This elevates the risk profile for obligations 6 and 7 (abuse/neglect prevention and sexual misconduct). SIL providers should ensure that:

Rostering arrangements do not place new or inexperienced workers in high-risk unsupervised settings without adequate support.
All SIL workers hold a current NDIS Worker Screening Check clearance before commencing.
Positive behaviour support plans and restrictive practice authorisations are in place and understood by all workers in the home, not just the primary support team.
After-hours incident reporting pathways are clear and tested — workers must know how to report at 11 pm, not just during business hours.

If you are building or auditing your SIL compliance documentation, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit designed specifically for these obligations under the strengthened framework — a useful starting point for providers who need to close policy gaps quickly ahead of registration renewal.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.